
System Check Malware


  • This topic is locked
33 replies to this topic

#1 Tzvi41

  • Members
  • 26 posts

Posted 12 February 2012 - 03:20 AM

I tried to follow the removal guide, but was unable to install Malwarebytes (received an Access denied message) in Safe Mode after running RKill and TDSS Killer. Any help would be most appreciated. DDS Log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nomi at 2:58:24 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2625 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Nomi\AppData\Roaming\922A7\CBB46.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\Nomi\AppData\Roaming\A7661\lvvm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\ProgramData\QrYVrxLHQgNNQj.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\ProgramData\MHv8eHohdyC6xj.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:56808
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
uWinlogon: Shell=explorer.exe,C:\Users\Nomi\AppData\Roaming\922A7\CBB46.exe
uWindows: Load=C:\Users\Nomi\AppData\Roaming\A7661\lvvm.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [winupd] C:\Users\Nomi\AppData\Local\Temp:winupd.exe
uRun: [ADB.exe] C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ADB.exe] C:\Program Files (x86)\LP\4679\ADB.exe
mRun: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe
StartupFolder: C:\Users\Nomi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Users\Nomi\AppData\Local\Temp\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{3E221D02-9534-41A0-B2E4-F2C7CD3BB259} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{3E221D02-9534-41A0-B2E4-F2C7CD3BB259}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [ADB.exe] C:\Program Files (x86)\LP\4679\ADB.exe
mRun-x64: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\paxu0gt5.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56808
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
.
=============== Created Last 30 ================
.
2012-02-12 07:52:47 607260 ------r- C:\Windows\dds.scr
2012-02-12 05:39:34 4400207 ----a-w- C:\Windows\ComboFix.exe
2012-02-12 04:56:58 4733440 ----a-w- C:\Windows\aswMBR.exe
2012-02-12 04:43:01 9604712 ----a-w- C:\Windows\mbam-setup.exe
2012-02-12 04:41:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-12 04:39:59 2059824 ----a-w- C:\Windows\tdsskiller.exe
2012-02-12 04:36:08 1008141 ----a-w- C:\Windows\uSeRiNiT.exe
2012-02-12 04:33:03 84172 ----a-w- C:\Windows\iExplore.exe
2012-02-12 04:07:53 280576 ---ha-w- C:\Users\Nomi\AppData\Roaming\iexplore.exe
2012-02-12 03:57:43 352768 ---h--w- C:\ProgramData\MHv8eHohdyC6xj.exe
2012-02-12 03:52:30 280576 ---ha-w- C:\Users\Nomi\AppData\Roaming\firefox.exe
2012-02-12 03:49:17 446464 ---ha-w- C:\Users\Nomi\AppData\Roaming\Microsoft\4679\3AE1.exe
2012-02-12 03:48:23 -------- d--h--w- C:\Users\Nomi\AppData\Roaming\A7661
2012-02-12 03:45:49 -------- d--h--w- C:\Users\Nomi\AppData\Roaming\922A7
2012-02-12 03:45:45 280576 ---ha-w- C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
2012-02-12 03:16:22 446464 ---ha-w- C:\ProgramData\QrYVrxLHQgNNQj.exe
2012-02-12 03:10:28 -------- d--h--w- C:\Program Files (x86)\A7661
2012-02-12 03:09:52 -------- d--h--w- C:\Program Files (x86)\LP
2012-02-12 03:03:21 20480 ----a-w- C:\Windows\svchost.exe
2012-02-12 03:01:17 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\D4BE.tmp
2012-02-12 03:01:17 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\D48E.tmp
2012-02-02 21:54:33 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-01-15 08:29:24 -------- d-sh--w- C:\found.000
2012-01-13 15:32:10 -------- d-----w- C:\e8a576d70f8d286c2d
.
==================== Find3M ====================
.
2011-12-16 18:10:00 36352 ----a-w- C:\Windows\SysWow64\4xbyk0J8E.exe
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-04 16:15:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 3:05:19.87 ===============
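As an added defender-side example (not part of the original post, and not DDS's own logic), the following Python triage pass walks the Pseudo HJT section of a DDS log and flags the classes of entry that stand out in the log above: a browser proxy on 127.0.0.1, an extra Winlogon Shell value, a Windows Load value, autoruns started from user-writable folders or from an NTFS alternate data stream (the `Temp:winupd.exe` form), and policies that disable Task Manager. The sample lines are constructed, modelled on the log above; the rule set, folder list and policy names are this example's own assumptions.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log for the indicator
classes seen in the log above: a browser proxy on localhost, an extra Winlogon
Shell entry, a Windows Load value, autoruns in user-writable folders or NTFS
alternate data streams, and lockout policies. The rule set is this example's
own assumption, not part of DDS."""
import re
from dataclasses import dataclass

# Run-key prefixes DDS emits (user, machine and default hives, plus x64 views)
RUN_KEYS = ("uRun:", "mRun:", "dRun:", "uRun-x64:", "mRun-x64:")
# Folders a standard user can write to; legitimate autoruns rarely start from here
USER_WRITABLE = re.compile(r"\\(AppData\\(Roaming|Local)|ProgramData)\\", re.I)
# A second ':' after the drive letter means an NTFS alternate data stream (file:stream)
ADS_PATH = re.compile(r'^[A-Za-z]:\\[^:"]*:[^\\]+$')
EXEC_EXT = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))\b", re.I)
LOCALHOST_PROXY = re.compile(r"\b127\.0\.0\.1(:\d+)?\b")
LOCKOUT_POLICIES = ("DisableTaskMgr", "HideSCAHealth", "DisableRegistryTools")

# Constructed sample lines, modelled on the DDS log in the post above
SAMPLE = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:56808
uWinlogon: Shell=explorer.exe,C:\Users\Nomi\AppData\Roaming\922A7\CBB46.exe
uWindows: Load=C:\Users\Nomi\AppData\Roaming\A7661\lvvm.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [winupd] C:\Users\Nomi\AppData\Local\Temp:winupd.exe
uRun: [ADB.exe] C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: DisableTaskMgr = 1 (0x1)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
"""


@dataclass
class Finding:
    line: str
    reason: str


def extract_path(value: str) -> str:
    """Return the program path from a Run command, quoted or not, without arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = EXEC_EXT.match(value)
    return m.group(1) if m else value.split(" ")[0]


def check_run_value(value: str):
    """Reason string if an autorun target looks suspicious, else None."""
    cmd = re.sub(r"^\[[^\]]*\]\s*", "", value.strip())  # drop the "[name] " label
    path = extract_path(cmd)
    if ADS_PATH.match(path):
        return "autorun target is an NTFS alternate data stream: " + path
    if USER_WRITABLE.search(path):
        return "autorun target lives in a user-writable folder: " + path
    return None


def triage(lines):
    """Walk DDS report lines and return the Findings, in report order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reason = None
        if "ProxyServer" in line and LOCALHOST_PROXY.search(line):
            reason = "IE proxy points at localhost (traffic interception / redirects)"
        elif line.startswith("FF - prefs.js: network.proxy.http ") and LOCALHOST_PROXY.search(line):
            reason = "Firefox proxy points at localhost (traffic interception / redirects)"
        elif "Winlogon:" in line and "Shell=" in line:
            # Anything listed beyond explorer.exe is launched at every logon
            extra = [s for s in line.split("Shell=", 1)[1].split(",")
                     if s.strip().lower() != "explorer.exe"]
            if extra:
                reason = "extra Winlogon Shell entry: " + ", ".join(extra)
        elif "Windows:" in line and "Load=" in line:
            target = line.split("Load=", 1)[1].strip()
            if target:
                reason = "Windows Load value set (legacy win.ini autostart): " + target
        elif line.startswith(RUN_KEYS):
            reason = check_run_value(line.split(":", 1)[1])
        elif "Policies-" in line:
            name = line.split(":", 1)[1].split("=")[0].strip()
            if name in LOCKOUT_POLICIES and re.search(r"=\s*1\b", line):
                reason = "policy disables a user tool: " + name
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full Pseudo HJT section of a real DDS log, the same rules would surface the proxy, Shell, Load, ADS and ProgramData entries shown above in one pass.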


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 February 2012 - 09:22 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> Donate <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Tzvi41

  • Topic Starter

  • Members
  • 26 posts

Posted 16 February 2012 - 02:23 AM

Thank you. Just to be sure I'm not missing anything here - do I run Combofix in normal mode or safe mode?

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 07:55 AM

Hello


Run all scans in normal mode unless I ask for something different.

gringo

#5 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 01:44 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#6 Tzvi41

  • Topic Starter

  • Members
  • 26 posts

Posted 19 February 2012 - 01:48 AM

Sorry, been a busy week and I've been away from home. Will try to run it tonight or tomorrow.

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 01:50 AM

No problem, and thanks for letting me know.


gringo

#8 Tzvi41

  • Topic Starter

  • Members
  • 26 posts

Posted 19 February 2012 - 02:13 AM

Ok, trying now - I'm getting a message that McAfee VirusScan is still the active antivirus and antispyware, even after I disabled Security Center and killed the process for Antivirus. Any ideas?

#9 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 02:33 AM

Go ahead and run it


gringo

#10 Tzvi41

  • Topic Starter

  • Members
  • 26 posts

Posted 19 February 2012 - 03:43 AM

Here is my ComboFix log. I haven't seen System Check start up again, but I'm still getting Google redirects and most of my files are still missing/hidden from the start menu and desktop (it seems like at least some are back in the general file system, though). Thank you for your help so far.

ComboFix 12-02-17.02 - Nomi 02/18/2012 21:45:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2364 [GMT -5:00]
Running from: c:\users\Nomi\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\4679\28F.tmp
c:\program files (x86)\LP\4679\44B0.tmp
c:\program files (x86)\LP\4679\4B80.tmp
c:\program files (x86)\LP\4679\5908.tmp
c:\program files (x86)\LP\4679\ADB.exe
c:\program files (x86)\LP\4679\DE01.tmp
c:\programdata\~6ExCnBYEfKEvxq
c:\programdata\~6ExCnBYEfKEvxqr
c:\programdata\~9UuSD3YOvhJqmM
c:\programdata\~9UuSD3YOvhJqmMr
c:\programdata\~ChUOtGnZNCk6Mp
c:\programdata\~ChUOtGnZNCk6Mpr
c:\programdata\~jA4OXJHKg5HHwu
c:\programdata\~jA4OXJHKg5HHwur
c:\programdata\~MHv8eHohdyC6xj
c:\programdata\~MHv8eHohdyC6xjr
c:\programdata\6ExCnBYEfKEvxq
c:\programdata\9UuSD3YOvhJqmM
c:\programdata\9UuSD3YOvhJqmM.exe
c:\programdata\ChUOtGnZNCk6Mp
c:\programdata\jA4OXJHKg5HHwu
c:\programdata\MHv8eHohdyC6xj
c:\programdata\QrYVrxLHQgNNQj.exe
c:\users\Nomi\AppData\Local\{4650C594-1C39-4CC5-A8F3-2B7E43FD6120}
c:\users\Nomi\AppData\Local\{4650C594-1C39-4CC5-A8F3-2B7E43FD6120}\chrome.manifest
c:\users\Nomi\AppData\Local\{4650C594-1C39-4CC5-A8F3-2B7E43FD6120}\chrome\content\_cfg.js
c:\users\Nomi\AppData\Local\{4650C594-1C39-4CC5-A8F3-2B7E43FD6120}\chrome\content\overlay.xul
c:\users\Nomi\AppData\Local\{4650C594-1C39-4CC5-A8F3-2B7E43FD6120}\install.rdf
c:\users\Nomi\AppData\Roaming\922A7
c:\users\Nomi\AppData\Roaming\922A7\7661.22A
c:\users\Nomi\AppData\Roaming\922A7\CBB46.exe
c:\users\Nomi\AppData\Roaming\Adobe\plugs
c:\users\Nomi\AppData\Roaming\Adobe\shed
c:\users\Nomi\AppData\Roaming\firefox.exe
c:\users\Nomi\AppData\Roaming\iexplore.exe
c:\users\Nomi\AppData\Roaming\java.exe
c:\users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
c:\users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Nomi\Documents\~WRL0001.tmp
c:\users\Nomi\Documents\~WRL0005.tmp
c:\users\Nomi\Documents\~WRL0006.tmp
c:\users\Nomi\Documents\~WRL0007.tmp
c:\users\Nomi\Documents\~WRL0671.tmp
c:\users\Nomi\Documents\~WRL0701.tmp
c:\users\Nomi\Documents\~WRL1398.tmp
c:\users\Nomi\Documents\~WRL1926.tmp
c:\users\Nomi\Documents\~WRL2370.tmp
c:\users\Nomi\Documents\~WRL3178.tmp
c:\users\Nomi\Documents\~WRL3391.tmp
c:\users\Nomi\Documents\~WRL3451.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 02:58 . 2012-02-19 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 21:30 . 2012-02-18 21:30 280064 ---ha-w- c:\users\Nomi\AppData\Roaming\Microsoft\4679\39D4.exe
2012-02-18 21:29 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-17 12:28 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 12:28 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 12:28 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 12:28 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 12:28 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 12:27 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 12:27 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 12:27 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 23:08 . 2012-02-16 23:08 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\723A.tmp
2012-02-16 23:08 . 2012-02-16 23:08 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\721A.tmp
2012-02-16 00:30 . 2012-02-16 00:30 183296 ---ha-w- c:\users\Nomi\AppData\Roaming\Microsoft\4679\F71A.exe
2012-02-12 07:52 . 2012-02-12 07:52 607260 ------r- c:\windows\dds.scr
2012-02-12 05:39 . 2012-02-19 02:29 4406994 ----a-w- c:\windows\ComboFix.exe
2012-02-12 04:56 . 2012-02-12 04:56 4733440 ----a-w- c:\windows\aswMBR.exe
2012-02-12 04:43 . 2012-02-12 04:43 9604712 ----a-w- c:\windows\mbam-setup.exe
2012-02-12 04:41 . 2012-02-18 08:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-12 04:39 . 2012-02-12 04:40 2059824 ----a-w- c:\windows\tdsskiller.exe
2012-02-12 04:33 . 2012-02-12 04:33 84172 ----a-w- c:\windows\iExplore.exe
2012-02-12 03:49 . 2012-02-12 03:49 446464 ---ha-w- c:\users\Nomi\AppData\Roaming\Microsoft\4679\3AE1.exe
2012-02-12 03:48 . 2012-02-18 08:26 -------- d--h--w- c:\users\Nomi\AppData\Roaming\A7661
2012-02-12 03:10 . 2012-02-12 03:10 -------- d--h--w- c:\program files (x86)\A7661
2012-02-12 03:01 . 2012-02-12 03:01 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\D4BE.tmp
2012-02-12 03:01 . 2012-02-12 03:01 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\D48E.tmp
2012-02-02 21:54 . 2012-02-18 08:25 -------- d--h--w- c:\programdata\CanonIJScan
2012-02-02 21:54 . 2012-02-18 08:13 -------- d--h--w- c:\users\Nomi\AppData\Roaming\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 18:10 . 2011-12-16 18:10 36352 ----a-w- c:\windows\SysWow64\4xbyk0J8E.exe
2011-12-10 20:24 . 2011-11-07 04:08 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 16:15 . 2011-05-23 21:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:35 . 2011-11-25 16:35 158056 ---ha-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
.
c:\users\Nomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\users\Nomi\AppData\Local\Temp\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 04:47]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MRT"="c:\windows\system32\MRT.exe" [2012-02-18 54585368]
"combofix"="c:\combofix\CF18694.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:56808
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Nomi\AppData\Roaming\Mozilla\Firefox\Profiles\paxu0gt5.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56808
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ADB.exe - c:\users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
Wow6432Node-HKLM-Run-ADB.exe - c:\program files (x86)\LP\4679\ADB.exe
Wow6432Node-HKLM-Run-QrYVrxLHQgNNQj.exe - c:\programdata\QrYVrxLHQgNNQj.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-UnityWebPlayer - c:\users\Nomi\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,b5,16,8a,ee,46,fe,45,9a,e7,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,b5,16,8a,ee,46,fe,45,9a,e7,40,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\progra~2\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2012-02-18 22:33:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 03:33
.
Pre-Run: 244,119,060,480 bytes free
Post-Run: 246,468,722,688 bytes free
.
- - End Of File - - BB02577B11A72523FFDF6746B826F3A6

Edited by Tzvi41, 19 February 2012 - 03:47 AM.
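
The ComboFix output above runs to a few hundred lines, and the signal is in patterns that are easy to skim past: executables carrying the hidden attribute under AppData\Roaming\Microsoft\4679\, binaries named svchost.exe, iexplore.exe, firefox.exe and java.exe sitting outside the directories Windows and the browsers install them to (the genuine svchost.exe lives in System32, not in c:\windows itself), both Internet Explorer and Firefox pointed at an HTTP proxy on 127.0.0.1:56808, and a running process listed as c:\\.\globalroot\systemroot\svchost.exe, an object-manager path that resolves to the same C:\Windows\svchost.exe the Files Created list shows. The script below is an added example, not ComboFix's code and not something the poster or the forum supplied; it recognises the line shapes ComboFix uses (Files Created entries, Run values, orphan "key - path" lines, proxy settings, bare process paths) and applies those heuristics. The expected-location table, the hex-named-directory rule and the user-writable-path rule are this example's own assumptions, and the sample input is a dozen lines copied from the log above with a few benign entries mixed in.

```python
"""Triage heuristics over ComboFix log lines (added example, not ComboFix code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log above, plus three benign
# entries (ntshrui.dll, the "swg" Run value, mDNSResponder.exe) for contrast.
SAMPLE_LOG = r"""
2012-02-18 21:30 . 2012-02-18 21:30 280064 ---ha-w- c:\users\Nomi\AppData\Roaming\Microsoft\4679\39D4.exe
2012-02-18 21:29 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-17 12:28 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-12 04:39 . 2012-02-12 04:40 2059824 ----a-w- c:\windows\tdsskiller.exe
2012-02-12 04:33 . 2012-02-12 04:33 84172 ----a-w- c:\windows\iExplore.exe
2012-02-12 03:10 . 2012-02-12 03:10 -------- d--h--w- c:\program files (x86)\A7661
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-01 39408]
uInternet Settings,ProxyServer = http=127.0.0.1:56808
FF - prefs.js: network.proxy.http - 127.0.0.1
Wow6432Node-HKCU-Run-ADB.exe - c:\users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
"""

# Line shapes ComboFix uses: "created . modified size attrs path", Run values,
# orphan "key - path" lines, IE/Firefox proxy settings, bare process paths.
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
                       r"(?:\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
RUN_LINE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')
ORPHAN_LINE = re.compile(r"^\S+ - (?P<path>[a-z]:\\.+)$", re.I)
PROXY_LINE = re.compile(r"(?:ProxyServer = (?:\w+=)?|network\.proxy\.http - )(?P<host>[^:\s]+)")
BARE_PATH = re.compile(r"^[a-z]:\\", re.I)

EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")       # assumption: user-writable trees
HEX_DIR = re.compile(r"\\[0-9a-f]{4,}(?:\\|$)", re.I)   # assumption: 4+ hex-digit dir names
# Assumed install locations for names malware commonly borrows (this example's table).
EXPECTED_HOME = {
    "svchost.exe": ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"),
    "iexplore.exe": ("c:\\program files\\internet explorer\\",
                     "c:\\program files (x86)\\internet explorer\\"),
    "firefox.exe": ("c:\\program files\\mozilla firefox\\",
                    "c:\\program files (x86)\\mozilla firefox\\"),
    "java.exe": ("c:\\program files\\java\\", "c:\\program files (x86)\\java\\",
                 "c:\\windows\\system32\\", "c:\\windows\\syswow64\\"),
}

Finding = Tuple[str, str]  # (rule name, evidence)


def path_findings(path: str) -> List[Finding]:
    """Rules that depend only on where a file sits and what it is called."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    out: List[Finding] = []
    if low.startswith("c:\\\\.\\globalroot\\"):   # object-manager path instead of a plain one
        out.append(("device-path-image", path))
    if name in EXPECTED_HOME and not low.startswith(EXPECTED_HOME[name]):
        out.append(("masquerading-name", path))
    if name.endswith(EXEC_EXT) and any(seg in low for seg in USER_WRITABLE):
        out.append(("exec-in-user-writable", path))
    if HEX_DIR.search(low):
        out.append(("hex-named-dir", path))
    return out


def triage_line(line: str) -> List[Finding]:
    """Classify one ComboFix line and return every rule it trips."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        out = path_findings(m["path"])
        if "h" in m["attrs"] and m["path"].lower().endswith(EXEC_EXT):
            out.append(("hidden-executable", m["path"]))
        return out
    m = RUN_LINE.match(line) or ORPHAN_LINE.match(line)
    if m:
        return path_findings(m["path"])
    m = PROXY_LINE.search(line)
    if m:
        host = m["host"]
        return [("loopback-proxy", line)] if host == "localhost" or host.startswith("127.") else []
    if BARE_PATH.match(line):
        return path_findings(line)
    return []


def triage(text: str) -> Dict[str, List[str]]:
    """Group findings by rule, keeping log order within each rule."""
    grouped: Dict[str, List[str]] = {}
    for line in text.splitlines():
        for rule, evidence in triage_line(line):
            grouped.setdefault(rule, []).append(evidence)
    return grouped


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule)
        for hit in hits:
            print("    " + hit)
```

Every hit is a lead, not a verdict. On the full log the same rules would also flag the Dell Dock startup shortcut that points at DellDock.exe in AppData\Local\Temp, which deserves a look for the same reason the hex-named directories do; they would not flag the tools the poster saved under c:\windows (ComboFix.exe, tdsskiller.exe, aswMBR.exe), because the masquerading rule is limited to names malware borrows. The proxy finding belongs with the orphaned ADB.exe Run values: once whatever was listening on 127.0.0.1:56808 is gone, both browsers still have that proxy configured and will fail to load pages until the setting is reset.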


#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 03:18 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
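
The TDSSKiller report that the instructions above ask for (and that Tzvi41 posts in the next reply) lists every driver service as a line with an MD5 and image path followed by a second line carrying the verdict, "name - ok" for a clean file, for a couple of hundred drivers. The script below is an added example, not Kaspersky's code and not part of the instructions; it pairs the two lines for each driver, reports any verdict other than ok and any driver image loaded from outside C:\Windows\, and produces an MD5-to-path inventory that can be checked in bulk against a hash reputation source. The sample input is a short excerpt copied from the posted log plus one constructed driver, sampledrv with an all-zero hash, so that the non-ok branch is exercised; the wording TDSSKiller uses for a real detection is not shown on this page, and the constructed "warning" verdict is only a placeholder for it. The C:\Windows\ system root is also an assumption of the example.

```python
"""Parse a TDSSKiller driver listing into an inventory with verdicts.

Added example for this thread, not Kaspersky's code. The line format is taken
from the log posted in the next reply; the 'sampledrv' pair is CONSTRUCTED.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

SAMPLE_LOG = r"""
10:36:56.0822 5588 Scan started
10:36:56.0822 5588 Mode: Manual;
10:37:00.0318 5588 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
10:37:00.0363 5588 1394ohci - ok
10:37:02.0752 5588 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
10:37:02.0914 5588 AFD - ok
10:37:30.0456 5588 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:37:30.0457 5588 MBAMProtector - ok
10:37:31.0000 5588 sampledrv (00000000000000000000000000000000) C:\Users\Nomi\AppData\Roaming\sampledrv.sys
10:37:31.0001 5588 sampledrv - warning
"""

_PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
ENTRY = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(_PREFIX + r"(?P<name>\S+) - (?P<verdict>.+)$")

WINDOWS_DIR = "c:\\windows\\"   # assumed system root; adjust for other layouts


class Driver(NamedTuple):
    name: str
    md5: str
    path: str
    verdict: Optional[str]  # None if the log ended before the verdict line


def parse(text: str) -> List[Driver]:
    """Pair each '(md5) path' line with the 'name - verdict' line that follows."""
    drivers: List[Driver] = []
    index: Dict[str, int] = {}   # driver name -> position in drivers
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            index[m["name"]] = len(drivers)
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"], None))
            continue
        m = VERDICT.match(line)
        if m and m["name"] in index:
            i = index[m["name"]]
            drivers[i] = drivers[i]._replace(verdict=m["verdict"].strip())
    return drivers


def anomalies(drivers: List[Driver]) -> List[Tuple[str, str]]:
    """Anything a human should read before trusting the wall of 'ok' lines."""
    out: List[Tuple[str, str]] = []
    for d in drivers:
        if d.verdict is None:
            out.append((d.name, "no verdict line"))
        elif d.verdict.lower() != "ok":
            out.append((d.name, "verdict: " + d.verdict))
        if not d.path.lower().startswith(WINDOWS_DIR):
            out.append((d.name, "image outside " + WINDOWS_DIR + ": " + d.path))
    return out


def hash_inventory(drivers: List[Driver]) -> Dict[str, str]:
    """md5 -> image path, for a bulk lookup against a hash reputation source."""
    return {d.md5: d.path for d in drivers}


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    print(f"{len(found)} drivers parsed")
    for name, why in anomalies(found):
        print(f"REVIEW {name}: {why}")
    for md5, path in hash_inventory(found).items():
        print(md5, path)
```

An "ok" from TDSSKiller means only that its signatures did not match the file; the inventory exists so the hashes can be checked against something else. Pairing by driver name also makes a missing verdict line visible, which is what a log cut off mid-scan looks like.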

#12 Tzvi41 (Topic Starter)

Posted 19 February 2012 - 10:58 PM

TDSS and MBR logs below. I'm getting a Malwarebytes window saying that it has detected a malicious process attempting to start and has blocked it - C:\Windows\SVCHOST.EXE TROJAN.AGENT

TDSS Log:

10:36:16.0284 5748 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:36:16.0614 5748 ============================================================
10:36:16.0614 5748 Current date / time: 2012/02/19 10:36:16.0614
10:36:16.0614 5748 SystemInfo:
10:36:16.0614 5748
10:36:16.0614 5748 OS Version: 6.1.7600 ServicePack: 0.0
10:36:16.0614 5748 Product type: Workstation
10:36:16.0614 5748 ComputerName: NOMI-PC
10:36:16.0638 5748 UserName: Nomi
10:36:16.0638 5748 Windows directory: C:\Windows
10:36:16.0638 5748 System windows directory: C:\Windows
10:36:16.0638 5748 Running under WOW64
10:36:16.0638 5748 Processor architecture: Intel x64
10:36:16.0638 5748 Number of processors: 2
10:36:16.0638 5748 Page size: 0x1000
10:36:16.0639 5748 Boot type: Normal boot
10:36:16.0639 5748 ============================================================
10:36:22.0543 5748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:36:22.0555 5748 \Device\Harddisk0\DR0:
10:36:22.0556 5748 MBR used
10:36:22.0556 5748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
10:36:22.0556 5748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
10:36:22.0828 5748 Initialize success
10:36:22.0829 5748 ============================================================
10:36:56.0822 5588 ============================================================
10:36:56.0822 5588 Scan started
10:36:56.0822 5588 Mode: Manual;
10:36:56.0822 5588 ============================================================
10:37:00.0318 5588 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
10:37:00.0363 5588 1394ohci - ok
10:37:00.0785 5588 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:37:00.0790 5588 ACPI - ok
10:37:01.0077 5588 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:37:01.0091 5588 AcpiPmi - ok
10:37:01.0593 5588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:37:01.0638 5588 adp94xx - ok
10:37:01.0907 5588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:37:01.0978 5588 adpahci - ok
10:37:02.0358 5588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:37:02.0371 5588 adpu320 - ok
10:37:02.0752 5588 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
10:37:02.0914 5588 AFD - ok
10:37:03.0279 5588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:37:03.0300 5588 agp440 - ok
10:37:04.0148 5588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:37:04.0158 5588 aliide - ok
10:37:04.0218 5588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:37:04.0223 5588 amdide - ok
10:37:04.0380 5588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:37:04.0388 5588 AmdK8 - ok
10:37:04.0646 5588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:37:04.0652 5588 AmdPPM - ok
10:37:04.0805 5588 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
10:37:04.0845 5588 amdsata - ok
10:37:05.0410 5588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:37:05.0424 5588 amdsbs - ok
10:37:05.0600 5588 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
10:37:05.0642 5588 amdxata - ok
10:37:05.0950 5588 ApfiltrService (7142aa0dbcd3a4960f01799309a737ff) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:37:05.0994 5588 ApfiltrService - ok
10:37:06.0250 5588 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:37:06.0285 5588 AppID - ok
10:37:06.0626 5588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:37:06.0632 5588 arc - ok
10:37:06.0804 5588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:37:06.0813 5588 arcsas - ok
10:37:06.0923 5588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:37:06.0930 5588 AsyncMac - ok
10:37:07.0062 5588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:37:07.0063 5588 atapi - ok
10:37:07.0580 5588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:37:07.0664 5588 b06bdrv - ok
10:37:08.0009 5588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:37:08.0020 5588 b57nd60a - ok
10:37:08.0326 5588 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
10:37:08.0380 5588 BCM42RLY - ok
10:37:08.0697 5588 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:37:08.0718 5588 BCM43XX - ok
10:37:09.0042 5588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:37:09.0047 5588 Beep - ok
10:37:09.0451 5588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:37:09.0464 5588 blbdrive - ok
10:37:09.0828 5588 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:37:09.0869 5588 bowser - ok
10:37:09.0968 5588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:37:09.0984 5588 BrFiltLo - ok
10:37:10.0103 5588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:37:10.0109 5588 BrFiltUp - ok
10:37:10.0661 5588 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
10:37:10.0758 5588 BrSerIb - ok
10:37:11.0025 5588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:37:11.0041 5588 Brserid - ok
10:37:11.0104 5588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:37:11.0111 5588 BrSerWdm - ok
10:37:11.0141 5588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:37:11.0146 5588 BrUsbMdm - ok
10:37:11.0178 5588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:37:11.0183 5588 BrUsbSer - ok
10:37:11.0596 5588 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
10:37:11.0606 5588 BrUsbSIb - ok
10:37:11.0810 5588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:37:11.0816 5588 BTHMODEM - ok
10:37:12.0125 5588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:37:12.0134 5588 cdfs - ok
10:37:12.0528 5588 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:37:12.0537 5588 cdrom - ok
10:37:12.0739 5588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:37:12.0744 5588 circlass - ok
10:37:12.0844 5588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:37:12.0870 5588 CLFS - ok
10:37:13.0016 5588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:37:13.0024 5588 CmBatt - ok
10:37:13.0103 5588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:37:13.0114 5588 cmdide - ok
10:37:13.0499 5588 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
10:37:13.0551 5588 CNG - ok
10:37:14.0127 5588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:37:14.0135 5588 Compbatt - ok
10:37:14.0320 5588 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:37:14.0327 5588 CompositeBus - ok
10:37:14.0611 5588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:37:14.0617 5588 crcdisk - ok
10:37:14.0894 5588 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:37:14.0933 5588 CtClsFlt - ok
10:37:15.0194 5588 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:37:15.0230 5588 DfsC - ok
10:37:15.0404 5588 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:37:15.0409 5588 discache - ok
10:37:15.0666 5588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:37:15.0680 5588 Disk - ok
10:37:16.0275 5588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:37:16.0285 5588 drmkaud - ok
10:37:16.0492 5588 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:37:16.0573 5588 DXGKrnl - ok
10:37:16.0943 5588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:37:17.0343 5588 ebdrv - ok
10:37:17.0669 5588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:37:17.0757 5588 elxstor - ok
10:37:18.0058 5588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:37:18.0072 5588 ErrDev - ok
10:37:18.0332 5588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:37:18.0343 5588 exfat - ok
10:37:18.0423 5588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:37:18.0432 5588 fastfat - ok
10:37:18.0548 5588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:37:18.0557 5588 fdc - ok
10:37:18.0834 5588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:37:18.0839 5588 FileInfo - ok
10:37:18.0887 5588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:37:18.0896 5588 Filetrace - ok
10:37:19.0000 5588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:37:19.0013 5588 flpydisk - ok
10:37:19.0087 5588 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:37:19.0098 5588 FltMgr - ok
10:37:19.0153 5588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:37:19.0159 5588 FsDepends - ok
10:37:19.0198 5588 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:37:19.0200 5588 Fs_Rec - ok
10:37:19.0346 5588 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:37:19.0387 5588 fvevol - ok
10:37:19.0731 5588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:37:19.0739 5588 gagp30kx - ok
10:37:19.0926 5588 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:37:19.0959 5588 GEARAspiWDM - ok
10:37:20.0378 5588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:37:20.0383 5588 hcw85cir - ok
10:37:20.0740 5588 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
10:37:20.0789 5588 HdAudAddService - ok
10:37:21.0228 5588 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:37:21.0234 5588 HDAudBus - ok
10:37:21.0809 5588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:37:21.0819 5588 HidBatt - ok
10:37:22.0140 5588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:38:34.0414 5588 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
10:38:34.0459 5588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:38:34.0459 5588 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:38:34.0504 5588 Boot (0x1200) (85af29dac008a8545c9ba2eaad7df661) \Device\Harddisk0\DR0\Partition0
10:38:34.0513 5588 \Device\Harddisk0\DR0\Partition0 - ok
10:38:34.0535 5588 Boot (0x1200) (91fccc1547dfd2482d1becb0510b4e16) \Device\Harddisk0\DR0\Partition1
10:38:34.0537 5588 \Device\Harddisk0\DR0\Partition1 - ok
10:38:34.0538 5588 ============================================================
10:38:34.0538 5588 Scan finished
10:38:34.0538 5588 ============================================================
10:38:34.0560 5664 Detected object count: 1
10:38:34.0560 5664 Actual detected object count: 1
10:39:37.0144 5664 \Device\Harddisk0\DR0\# - copied to quarantine
10:39:37.0150 5664 \Device\Harddisk0\DR0 - copied to quarantine
10:39:38.0047 5664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:39:38.0098 5664 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:39:38.0154 5664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:39:38.0204 5664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:39:38.0349 5664 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:39:38.0484 5664 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:39:38.0543 5664 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:39:38.0557 5664 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:39:38.0574 5664 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:39:38.0603 5664 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:39:38.0649 5664 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:39:38.0681 5664 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:39:41.0147 5664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:39:41.0443 5664 \Device\Harddisk0\DR0 - ok
10:39:44.0889 5664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:39:50.0868 2836 Deinitialize success

MBR log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 00:00:58
-----------------------------
00:00:58.364 OS Version: Windows x64 6.1.7600
00:00:58.364 Number of processors: 2 586 0x170A
00:00:58.364 ComputerName: NOMI-PC UserName: Nomi
00:00:59.050 Initialize success
00:01:46.334 AVAST engine defs: 12021101
00:04:52.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:04:52.941 Disk 0 Vendor: ST9320325AS D005DEM1 Size: 305245MB BusType: 11
00:04:52.957 Disk 0 MBR read successfully
00:04:52.957 Disk 0 MBR scan
00:04:52.988 Disk 0 Windows VISTA default MBR code
00:04:53.004 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:04:53.019 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
00:04:53.035 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
00:04:53.035 Service scanning
00:04:54.938 Modules scanning
00:04:54.938 Disk 0 trace - called modules:
00:04:54.954
00:04:56.436 AVAST engine scan C:\Windows
00:04:59.384 AVAST engine scan C:\Windows\system32
00:05:12.161 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
00:06:59.676 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
00:07:01.611 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
00:08:06.694 AVAST engine scan C:\Windows\system32\drivers
00:08:20.344 AVAST engine scan C:\Users\Nomi
00:18:05.236 File: C:\Users\Nomi\AppData\Local\Temp\control.exe **INFECTED** Win32:Downloader-MMC [Trj]
00:18:17.014 File: C:\Users\Nomi\AppData\Local\Temp\eudcedit.exe **INFECTED** Win32:Downloader-MMC [Trj]
00:18:21.772 File: C:\Users\Nomi\AppData\Local\Temp\jar_cache1086678494628701955.tmp **INFECTED** Win32:MalOb-HC [Cryp]
00:18:22.084 File: C:\Users\Nomi\AppData\Local\Temp\jar_cache4290597555111127220.tmp **INFECTED** Win32:MalOb-GS [Cryp]
00:20:08.179 File: C:\Users\Nomi\AppData\Local\Temp\magnify.exe **INFECTED** Win32:Downloader-MMC [Trj]
00:20:10.644 File: C:\Users\Nomi\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:MalOb-IJ [Cryp]
00:20:10.878 File: C:\Users\Nomi\AppData\Local\Temp\narrator.exe **INFECTED** Win32:Downloader-MMC [Trj]
00:20:13.296 File: C:\Users\Nomi\AppData\Local\Temp\osk.exe **INFECTED** Win32:Downloader-MMC [Trj]
00:22:54.413 File: C:\Users\Nomi\AppData\Roaming\922A7\CBB46.exe **INFECTED** Win32:Cycbot-SA [Trj]
00:23:08.859 File: C:\Users\Nomi\AppData\Roaming\firefox.exe **INFECTED** Win32:Cycbot-SC [Trj]
00:23:09.545 File: C:\Users\Nomi\AppData\Roaming\iexplore.exe **INFECTED** Win32:Cycbot-SC [Trj]
00:23:54.832 File: C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe **INFECTED** Win32:Cycbot-SC [Trj]
00:29:42.557 AVAST engine scan C:\ProgramData
00:30:35.909 File: C:\ProgramData\Microsoft\Windows\DRM\D48E.tmp **INFECTED** Win32:Malware-gen
00:30:35.940 File: C:\ProgramData\Microsoft\Windows\DRM\D4BE.tmp **INFECTED** Win32:Malware-gen
00:32:30.351 Scan finished successfully
00:38:29.276 Disk 0 MBR has been saved successfully to "C:\Windows\MBR.dat"
00:38:29.292 The log file has been saved successfully to "C:\Windows\aswMBR.txt"


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 10:46:37
-----------------------------
10:46:37.212 OS Version: Windows x64 6.1.7600
10:46:37.212 Number of processors: 2 586 0x170A
10:46:37.213 ComputerName: NOMI-PC UserName: Nomi
10:47:03.495 Initialize success
10:47:58.927 AVAST engine defs: 12021901
10:52:04.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:52:04.741 Disk 0 Vendor: ST9320325AS D005DEM1 Size: 305245MB BusType: 11
10:52:04.935 Disk 0 MBR read successfully
10:52:04.940 Disk 0 MBR scan
10:52:05.729 Disk 0 Windows VISTA default MBR code
10:52:05.790 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:52:05.877 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
10:52:05.900 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
10:52:05.913 Service scanning
10:53:48.587 Modules scanning
10:53:48.604 Disk 0 trace - called modules:
10:53:48.635 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:53:48.645 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043356c0]
10:53:48.656 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004014680]
10:53:53.163 AVAST engine scan C:\Windows
10:54:07.930 AVAST engine scan C:\Windows\system32
10:54:39.291 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
10:58:42.768 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
10:58:45.964 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
11:00:25.043 AVAST engine scan C:\Windows\system32\drivers
11:00:44.794 AVAST engine scan C:\Users\Nomi
11:08:14.622 File: C:\Users\Nomi\AppData\Local\Temp\control.exe **INFECTED** Win32:Downloader-MMC [Trj]
11:09:42.156 File: C:\Users\Nomi\AppData\Local\Temp\eudcedit.exe **INFECTED** Win32:Downloader-MMC [Trj]
11:09:48.147 File: C:\Users\Nomi\AppData\Local\Temp\magnify.exe **INFECTED** Win32:Downloader-MMC [Trj]
11:09:49.298 File: C:\Users\Nomi\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:MalOb-IJ [Cryp]
11:09:49.371 File: C:\Users\Nomi\AppData\Local\Temp\narrator.exe **INFECTED** Win32:Downloader-MMC [Trj]
11:09:49.524 File: C:\Users\Nomi\AppData\Local\Temp\osk.exe **INFECTED** Win32:Downloader-MMC [Trj]
11:10:54.903 File: C:\Users\Nomi\AppData\Roaming\922A7\CBB46.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:10:54.992 File: C:\Users\Nomi\AppData\Roaming\A7661\lvvm.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:11:08.150 File: C:\Users\Nomi\AppData\Roaming\firefox.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:11:09.071 File: C:\Users\Nomi\AppData\Roaming\iexplore.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:11:09.249 File: C:\Users\Nomi\AppData\Roaming\java.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:12:11.646 File: C:\Users\Nomi\AppData\Roaming\Microsoft\4679\3AE1.exe **INFECTED** Win32:FakeSysdefs-A [Trj]
11:12:12.100 File: C:\Users\Nomi\AppData\Roaming\Microsoft\4679\ADB.exe **INFECTED** Win32:Cycbot-SF [Trj]
11:12:12.307 File: C:\Users\Nomi\AppData\Roaming\Microsoft\4679\C090.tmp **INFECTED** Win32:Cycbot-SF [Trj]
11:12:12.496 File: C:\Users\Nomi\AppData\Roaming\Microsoft\4679\F71A.exe **INFECTED** Win32:Cycbot-SH [Trj]
11:20:50.291 AVAST engine scan C:\ProgramData
11:20:50.563 File: C:\ProgramData\6ExCnBYEfKEvxq.exe **INFECTED** Win32:FakeSysdefs-A [Trj]
11:22:20.620 File: C:\ProgramData\Microsoft\Windows\DRM\721A.tmp **INFECTED** Win32:Malware-gen
11:22:20.701 File: C:\ProgramData\Microsoft\Windows\DRM\723A.tmp **INFECTED** Win32:Malware-gen
11:22:21.796 File: C:\ProgramData\Microsoft\Windows\DRM\D48E.tmp **INFECTED** Win32:Malware-gen
11:22:21.846 File: C:\ProgramData\Microsoft\Windows\DRM\D4BE.tmp **INFECTED** Win32:Malware-gen
11:22:39.550 File: C:\ProgramData\QrYVrxLHQgNNQj.exe **INFECTED** Win32:FakeSysdefs-A [Trj]
11:26:07.212 Scan finished successfully
16:48:45.274 Disk 0 MBR has been saved successfully to "C:\Users\Nomi\Desktop\MBR.dat"
16:48:45.294 The log file has been saved successfully to "C:\Users\Nomi\Desktop\aswMBR.txt"

Edited by Tzvi41, 19 February 2012 - 10:59 PM.


#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:44 AM

Posted 19 February 2012 - 11:13 PM

Rerun ComboFix for me now, please.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Tzvi41

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:07:44 AM

Posted 20 February 2012 - 12:38 AM

Rerunning now - got a few messages about not being able to find NIRKMD so far

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:44 AM

Posted 20 February 2012 - 12:41 AM

That is normal - just let it keep going.

